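#!/bin/bash
# $Id: ipt-vps.sh,v 1.5 2015/03/11 08:41:38 dant Exp $
#
# Iptables Script for Standalone VPS
#
# Rebuilds the IPv4 filter table from scratch and persists it:
#   - built-in chain policies stay ACCEPT; inbound filtering is done by a
#     terminal DROP at the end of the custom IN_POL chain
#   - inbound: loopback, established/related traffic, ICMP, and the TCP/UDP
#     ports listed in the IN_POL section are accepted; everything else is
#     dropped
#
# Review notes:
#   - IPv6 is NOT filtered by this script (the ip6tables lines are commented
#     out). If the host has a routable IPv6 address, every listening service
#     is reachable over it regardless of the rules below.
#   - Between the flush and the final DROP rule the host has no inbound
#     filtering at all. Loading a complete ruleset with iptables-restore
#     would apply it atomically and avoid that window.

# Stop at the first failing command so that a partially built ruleset is
# never written to disk. Without this, a failed ACCEPT rule (e.g. for port
# 22) followed by a successful DROP would be persisted and could lock out
# remote access on the next boot.
set -eu
trap 'echo "iptables setup failed near line $LINENO; rules NOT saved" >&2' ERR

# Kept as an array so the command is expanded word by word without relying
# on unquoted word splitting.
IPT=(sudo /sbin/iptables)
#IPT6=(sudo /sbin/ip6tables)

# Default Policy
#
# ACCEPT policies mean a flush alone never cuts off the current SSH session;
# the price is that the box fails open if this script aborts midway.
"${IPT[@]}" -P FORWARD ACCEPT
"${IPT[@]}" -P OUTPUT ACCEPT
"${IPT[@]}" -P INPUT ACCEPT

# Flush Rules
#
# -F removes all rules in the filter table, -X then deletes the now
# unreferenced user-defined chains (including IN_POL from a previous run).
"${IPT[@]}" -F
"${IPT[@]}" -X

# OUTPUT
#
# Outbound State Connections
#
# With the OUTPUT policy set to ACCEPT this rule does not restrict anything;
# it only matters if the policy is later changed to DROP.
"${IPT[@]}" -A OUTPUT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT

# INPUT
#
# Loopback first, so local services keep talking to each other.
"${IPT[@]}" -I INPUT 1 -i lo -j ACCEPT

# Inbound State Connections
#
# Uses the conntrack match; the older "-m state --state" spelling is the
# deprecated equivalent.
"${IPT[@]}" -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# Allow Inbound ICMP
#
# Accepts every ICMP type, not only echo-request and the error messages
# needed for path MTU discovery. Narrow with --icmp-type if that is too broad.
"${IPT[@]}" -A INPUT -p icmp -j ACCEPT

# Create Custom Chain IN_POL for Inbound Connection
#
"${IPT[@]}" -N IN_POL

# Jump to IN_POL chain
#
"${IPT[@]}" -A INPUT -j IN_POL

# IN_POL Chain Policy
#
# Every port below is open to any source address. Keep only the ones that
# have a service which must be public:
#   22      SSH   - consider limiting with -s to known admin addresses
#   25      SMTP
#   53      DNS   - only needed for a DNS server meant to answer the Internet
#   80/443  HTTP/HTTPS
"${IPT[@]}" -A IN_POL -p tcp -m tcp --dport 22 -j ACCEPT
"${IPT[@]}" -A IN_POL -p tcp -m tcp --dport 25 -j ACCEPT
"${IPT[@]}" -A IN_POL -p tcp -m tcp --dport 53 -j ACCEPT
"${IPT[@]}" -A IN_POL -p udp -m udp --dport 53 -j ACCEPT
"${IPT[@]}" -A IN_POL -p tcp -m tcp --dport 80 -j ACCEPT
"${IPT[@]}" -A IN_POL -p tcp -m tcp --dport 443 -j ACCEPT

# Default Deny All Inbound
#
# Must stay the last IN_POL rule: anything appended after it is never reached.
"${IPT[@]}" -A IN_POL -j DROP

# Persist the ruleset. This point is only reached when every rule above was
# installed successfully. The redirection has to run inside the root shell,
# hence "sudo sh -c".
sudo sh -c '/sbin/iptables-save >/etc/iptables/save/rules.v4'
#sudo sh -c '/sbin/ip6tables-save >/etc/iptables/save/rules.v6'
sudo /etc/init.d/iptables-persistent save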